eru 24 days ago | on: Claude Cowork exfiltrates files
> What if GitHub’s token scanning service went down.
If it's a secret gist, you only exposed the attacker's key to GitHub, but not to the wider public?
OJFord 24 days ago
They mean it went down as in stopped working, had some outage; so you've tried to use it as a token revocation service, but it doesn't work (or not as quickly as you expect).
eru 23 days ago
Sure, that's a valid worry. Though that's not all that different from a special purpose public token revocation service: they can also go down.
OJFord 22 days ago
True, just more to rely on with the scanning too I suppose.